Reminder of phishing

National Cyber Security Centre has received several notifications this week about the chains of phishing and e-mail accounts data breaches. These phishing attempts appear to be targeting public administration organisations and have been subject to invoices due and security mail.

Some members of the organisations have fallen into phishing. Criminals can use the passwords to break into e-mail accounts of victims and send new phishing messages from them to hundreds or even thousands of new recipients. Criminals send messages from hacked e-mail accounts to at least the addresses to which the data breach victim has normally sent messages.

Therefore, special caution should be exercised when opening e-mail links and attachments, even if the sender is the correct account of his own or the interest group organisation.

The actual stealing of username and password takes place on a website controlled by criminals, typically located in the Microsoft Power Apps portal of previously broken organisations.

Last updated: 13.4.2023